Bug 940777 (CVE-2024-36474, CVE-2024-42415, TALOS-2024-2068, TALOS-2024-2069) - <gnome-extra/libgsf-1.14.53: Multiple vulnerabilities
Summary: <gnome-extra/libgsf-1.14.53: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2024-36474, CVE-2024-42415, TALOS-2024-2068, TALOS-2024-2069
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [stable]
Keywords:
Depends on: 945126
Blocks:
Reported: 2024-10-05 06:50 UTC by Sam James
Modified: 2024-11-27 16:07 UTC

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-10-05 06:50:19 UTC
* CVE-2024-42415 (https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069)

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

* CVE-2024-36474 (https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068)
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-10-05 06:50:43 UTC
Please bump to 1.14.53.
Comment 2 Larry the Git Cow gentoo-dev 2024-11-08 20:19:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30036425b4ebd5b21a22b5e85e15d3859f73bdd1

commit 30036425b4ebd5b21a22b5e85e15d3859f73bdd1
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2024-11-08 20:17:39 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2024-11-08 20:18:39 +0000

    gnome-extra/libgsf: add 1.14.53
    
    Bug: https://bugs.gentoo.org/940777
    Bug: https://bugs.gentoo.org/923132
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 gnome-extra/libgsf/Manifest              |  1 +
 gnome-extra/libgsf/libgsf-1.14.53.ebuild | 47 ++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)